This page is for safety managers, accountable executives, and anyone who needs to understand the
structural framework of SMS. If you are new to SMS entirely, start with What Is a Safety
Management System? for broader context.
How the Pillars Interact
Understanding how the pillars relate to each other is as important as understanding each one individually. An SMS with strong risk management but weak assurance will implement controls that slowly degrade without anyone noticing. An SMS with excellent promotion but undefined policy will have enthusiastic employees with no clear safety objectives to work toward. An SMS with rigorous policy and assurance but no promotion will have a technically sound system that nobody uses because they do not understand it or trust it. The pillars operate as a reinforcing cycle: Policy establishes the objectives and accountability structure. Risk management identifies hazards and develops controls. Assurance monitors whether those controls are effective and feeds findings back into risk management when they are not. Promotion trains people on the processes and communicates lessons learned, which in turn strengthens reporting and reinforces policy commitments. The cycle is continuous — an SMS is never “done.”Pillar 1: Safety Policy (14 CFR Part 5 Subpart B)
Safety Policy establishes the organizational commitment to safety and defines who is responsible for what. It is the foundation on which the other three pillars rest. Without clear policy, risk management has no criteria to assess against, assurance has no standard to audit to, and promotion has no message to communicate.What Part 5 Requires
Section 5.21 requires a written safety policy that includes safety objectives (what the organization is trying to achieve in safety performance), a code of ethics (standards of conduct for safety-related activities), and a non-punitive reporting policy that encourages employees to report hazards without fear of retaliation (see Just Culture). The policy must be signed by the accountable executive and communicated to all employees. It cannot be a document that sits in a binder — people must know it exists and understand what it means for their work.The Accountable Executive
Section 5.23 introduces the most critical role in the SMS: the accountable executive. This person must have final authority over operations conducted under the certificate, final responsibility for the SMS, and control over both the financial and human resources needed for safety. The accountable executive’s responsibility cannot be delegated. They may delegate tasks and assign safety personnel, but the ultimate accountability for SMS effectiveness stays with them. In a Part 135 operation, this is typically the certificate holder, director of operations, or president.Emergency Response Planning
Section 5.27 requires coordination of emergency response planning. This does not mean the SMS replaces existing emergency procedures — it means the organization has planned, documented, and practiced its response to emergencies, and that these plans are coordinated with relevant external parties.How PlaneConnection Supports Safety Policy
PlaneConnection captures the organizational safety policy in the Settings area, where you define your policy statement, designate key personnel, and configure reporting policies. The Safety Committee module documents governance activities — meetings, decisions, and action items — that demonstrate active safety leadership. The Emergency Response (ERP) section maintains plans, contact lists, and exercise records.Pillar 2: Safety Risk Management (14 CFR Part 5 Subpart C)
Safety Risk Management (SRM) is the systematic process of identifying hazards, analyzing their associated risks, and developing controls to reduce risk to acceptable levels. If Safety Policy answers “what are we committed to?”, SRM answers “what could go wrong, and what are we doing about it?”The SRM Process
The SRM process follows a defined sequence established in Sections 5.51 through 5.57. It begins with system analysis — understanding the system under review, including its function, operating environment, procedures, personnel, equipment, and interfaces. From there, hazard identification seeks conditions that could foreseeably cause or contribute to an aircraft accident. Risk analysis determines the potential severity and likelihood for each hazard, and risk assessment compares the analyzed risk against your defined acceptable levels. For any risk assessed as unacceptable, risk controls are developed and residual risk is reassessed.When SRM Must Be Applied
Per Section 5.51, SRM is not a periodic exercise. It is triggered by specific events:- Design and implementation of new systems or operations
- Changes to existing systems, procedures, or operations
- Hazards identified through safety assurance processes
- Ineffective risk controls discovered through monitoring
- External changes affecting operations
Notification of Hazards
Section 5.57 adds an often-overlooked requirement: when you identify a hazard that affects other organizations you interface with, you must notify them. For Part 135 operators, this could mean notifying FBOs, maintenance providers, or code-share partners about hazards relevant to their operations.How PlaneConnection Supports SRM
The Hazards module provides the risk register and 5x5 assessment matrix. Reports and Investigations feed hazard identification into the SRM process. The Management of Change (MOC) module ensures that operational changes trigger formal risk assessments before implementation. Every risk entry tracks initial risk, controls applied, and residual risk.Pillar 3: Safety Assurance (14 CFR Part 5 Subpart D)
Safety Assurance answers a critical question: are the controls you put in place actually working? It is the feedback loop that closes the cycle between risk management and ongoing operations.Monitoring and Measurement
Section 5.71 requires continuous monitoring of safety performance across seven areas: operational processes (are people following procedures?), organizational characteristics (are resources adequate?), external events (industry incidents, regulatory changes), internal safety reporting (report volume, types, and trends), regulatory compliance (are all requirements being met?), environmental factors (physical and organizational environment), and employee safety concerns (are people raising issues?). This is not passive monitoring. It requires defined Safety Performance Indicators (SPIs) with targets and alert thresholds, active review of safety reports and investigation findings, and periodic internal audits.Safety Performance Assessment
Section 5.73 requires evaluating whether controls are achieving their intended outcomes. When they are not, corrective action is required. This assessment may reveal that a control was poorly designed, was not implemented as intended, or has been rendered ineffective by changes in the operation.Continuous Improvement
Section 5.75 requires that findings from monitoring and assessment drive improvement. This is not optional refinement — it is a regulatory requirement that your SMS evolve based on evidence. An SMS that does not change over time is not meeting this requirement.Safety Assurance is where many organizations struggle. It is not enough to set up an SMS and
declare it complete. The FAA will evaluate whether your SA processes are actively functioning
during surveillance activities.
How PlaneConnection Supports Safety Assurance
The Compliance module tracks adherence to Part 5 requirements and flags gaps. Safety Performance Indicators (SPIs) monitor key metrics over time, surfacing trends before they become problems. Corrective and Preventive Actions (CPAs) track remediation with verification steps to confirm that fixes actually work. SmartScore provides an AI-powered overall safety health assessment. The Safety Committee module documents meetings, action items, and decisions, maintaining the audit trail of safety governance.Pillar 4: Safety Promotion (14 CFR Part 5 Subpart E)
Safety Promotion is about building and maintaining a positive safety culture through training and communication. Even a technically sound SMS will fail if the people in the organization do not understand it, trust it, or participate in it.Competencies and Training
Section 5.91 requires that all personnel understand their role within the SMS. This goes beyond a one-time orientation — the accountable executive must understand their oversight responsibilities, safety managers must be competent in risk assessment and investigation, line personnel must know how to identify hazards and submit reports, investigators must be trained in root cause analysis techniques, and everyone must understand the non-punitive reporting policy. Training must be ongoing. Initial training establishes the baseline, but recurrent training reinforces concepts and introduces improvements as the SMS matures.Safety Communication
Section 5.93 requires methods for disseminating safety information across the organization, including lessons learned from investigations, changes to safety procedures, safety performance data and trends, safety alerts and bulletins, and feedback to reporters on actions taken. Effective communication is two-directional. It is not enough to push information out — the organization must create channels for people to raise concerns and ask questions.How PlaneConnection Supports Safety Promotion
The Training module tracks course assignments and completion across the organization. The Activity feed provides a timeline of safety events visible to relevant personnel. The Documents section serves as the repository for safety policies, procedures, and bulletins. The Safety AI Assistant can help draft communications, summarize investigation findings, and answer questions about SMS data. The Glossary provides a shared vocabulary for safety terminology.Mapping PlaneConnection to the Pillars
| Pillar | Part 5 Subpart | PlaneConnection Modules |
|---|---|---|
| Safety Policy | B (SS 5.21-5.27) | Settings, Safety Committee, ERP |
| Safety Risk Management | C (SS 5.51-5.57) | Reports, Investigations, Hazards, MOC |
| Safety Assurance | D (SS 5.71-5.75) | Compliance, CPAs, SPIs, SmartScore |
| Safety Promotion | E (SS 5.91-5.93) | Training, Documents, Activity, AI |
Related
What Is a Safety Management System?
The evolution from reactive to proactive safety management.
FAA 14 CFR Part 5 Overview
Plain-language guide to the regulation behind SMS.
Understanding Risk Management
The SRM process, risk matrix, ALARP, and bow-tie model.
Just Culture and Non-Punitive Reporting
Why non-punitive reporting is the backbone of effective SMS.